Scott Isaacs Presentationajaxexperience (Final)

  • User's view versus reality… Start with your site and then expand… explaining the user's view versus what is really happening
  • Platforms - cloud data is valuable – same attack vectors against the PC now exist in the cloud. Currently hacking around for sharing data.
  • Quality of service demo, code throttling, etc. Use TICKING CLOCK!
  • Request untrusted content; Transform untrusted content; Interception; Profiling; QoS Protection; Wrap a sandbox around content; Associate with Policy; Bind to document node (optional); Execute…
  • JSON-ize HTML/CSS; Inject interception, profiling, QoS hooks, and Lifecycle (factory) support; Performs an A->B Transformation; Performs syntactic validation; No security at this point
  • DO A DEMO OF A POLICY EXPLAINING DOCUMENT.BODY. Do prototype overriding and namespace explanation. addEventListener…
  • Some scenarios are so extreme, becoming a platform themselves. Local capabilities are being exposed, cloud capabilities are increasing in value. Be aware of these challenges in your applications…

Transcript of "Scott Isaacs Presentationajaxexperience (Final)"

    1. Beyond IFrames: Web Sandboxes
       Scott Isaacs
       Software Architect
       Microsoft

    2. How Web Sites are Built Today
       • Google Friend Connect
       • Youtube
       • The Web normally has a Same Origin Policy – but in practice, “your script works in my origin”
       • All JavaScript code in the page, regardless of origin, has the same trust level and permissions
       • If one bit of code fails or is compromised, the entire page/app/site can be compromised
       • Quick Demo…
       • Youtube
       • Google News
       • Error from Amazon

    3. Circles of (Dis)Trust
       • Shared Frameworks
       • Affiliates
       • Images
       • Gadgets
       • Maps
       • You Tube
       • Your Code
       • Social Networks
       • Analytics
       • Search
       • Content
       • Display Ads
       • Images

    4. User’s Expectations ≠ Reality
       • Mismatch between browser security and expectations
       • O/S boundaries protected
       • Cross-domain content protected
       • Composite pages have a single policy
       • Aggregation (mash-ups) not protected
       • You need a composite policy for a composite page
       • Let’s secure the cookie…

    5. The growing risk…
       • Differentiation between Cloud and Local Services is blurring…
       • User Data being aggregated…
       • Personal Data (both local and cloud-based): Storage, Photos, E-Mail, Social Network/Contacts, IM
       • Devices: Phones, GPS, Camera, etc.
       • …and exposed to…
       • Site Services: Rich Advertising, Analytics, Maps, Affiliate Programs
       • Site Extensibility: Gadgets, Libraries, etc.

    6. What about IFrames?
       • Still exploitable…
       • Run-away code…
       • Navigation…
       • Click-Jacking…
       • And not rich enough…
       • Designed for content embedding
       • Established fixed “policies”
       • Won’t work for display integration (e.g., fly outs)
       • Fails for tight integration w/ API’s, CSS
       • Isolation model, not a Security Architecture

    7. Web Sandbox
       • Isolate and secure the boundaries via composite host-defined policies
       • Builds on existing knowledge
       • Embrace existing programming patterns
       • Provides browser equalization
       • Open Source Project (Apache License)

    8. QoS - Going beyond security
       • Profiles executing code
       • Error tracking and recovery
       • Code Throttling
       • LifeCycle management
       • QoS Demo…

    9. Creating Secure Containers
       • Your Web Page
       • Policy and Rules (×3)
       • Web Sandbox Virtual Machine (×3)
       • Untrusted Script (×3)

    10. Web Sandbox: The Big Picture
       • Trusted Host (e.g., Your Site)
       • Requests Content (untrusted)
       • Sandbox Virtual Machine (JavaScript Library)
       • Sandboxed Execution
       • Sandboxed Execution
       • Transformation Pipeline (Server or Client-based)
       • Untrusted Content
       • Virtualize Code

    11. Transformation Process
       • Request Resource
       • Parse Resource
       • Output JavaScript for execution within the Sandbox VM
       • Let’s take a look….

    12. Sandbox Virtual Machine
       • Validates execution against policies
       • Supports instancing and lifecycle
       • Monitors QoS via profiling & throttling
       • Protects external communication

    13. Policies
       • Contextually-aware API “tables”
       • Allow/Deny/Augment rules
       • Cascading model
       • Default “Gadget” Policy
       • Supports JavaScript/W3C DOM
       • Provides Namespace isolation
       • Demo…

    14. Trusted/Untrusted boundaries
       • Custom Policies to Surface Host APIs
       • Demo…
       • Mutually distrusted components sharing single “Trusted” Map

    15. Simple Integration…

        <script src="sandbox2.js"></script>
        <div id="box"></div>
        <script src="transform.ashx?type=script&guid=GadgetGUID&ua=IE8&url=http://siteexperts.com/untrusted.js"></script>
        <script>
          var instance = new $Sandbox(document.getElementById("box"), $Policy.Gadget, 'GadgetGUID');
          instance.initialize();
        </script>

    16. Closing Thoughts…
       • Web Application ecosystem is evolving
       • Applications getting richer via aggregation
       • More valuable services and personal data are exposed
       • The web security model must evolve
       • Web-sandbox adds protection across the boundaries
       • Sites can properly model and enforce the trust relationship
       • Sites can protect themselves and their users
       • Possible without redefining the web…
       • Go play with it (http://websandbox.livelabs.com)

    17. Questions?
       • Learn more at: http://websandbox.livelabs.com
       • Also don’t miss the panel: Secure Mashups: Getting to Safe Web Plug-ins, Wednesday, 10:55am
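
An added example, not code from the presentation or from the Web Sandbox project: it shows the policy model listed on slides 13 and 14, where allow/deny/augment tables cascade from a default gadget policy and unlisted members are denied. It mediates access with a JavaScript Proxy rather than the source transformation the slides describe, it covers the policy lookup only and not isolation of the untrusted script, and every name in it (makePolicy, resolveRule, mediate, probe, hostDoc) is hypothetical.

```javascript
// Added illustration with hypothetical names; not Web Sandbox source code.
// A policy is a table: member name -> "allow" | "deny" | augment function.
// Policies cascade: a child table overrides entries inherited from its parent.
function makePolicy(rules, parent = null) {
  // Null-prototype table so "toString" or "constructor" never match by accident.
  return { rules: Object.assign(Object.create(null), rules), parent };
}

// Resolve from the most specific table outward; unlisted members are denied.
function resolveRule(policy, member) {
  for (let p = policy; p; p = p.parent) {
    if (member in p.rules) return p.rules[member];
  }
  return "deny";
}

// Hand untrusted code a mediated view of a host object instead of the object.
function mediate(target, policy) {
  return new Proxy(target, {
    get(obj, member) {
      if (typeof member !== "string") return undefined; // hide symbol keys
      const rule = resolveRule(policy, member);
      if (rule === "deny") throw new Error(`policy denies read: ${member}`);
      const value = obj[member];
      if (typeof rule === "function") return rule(value); // augment
      return typeof value === "function" ? value.bind(obj) : value;
    },
    set(obj, member) {
      throw new Error(`policy denies write: ${String(member)}`);
    },
  });
}

// Constructed stand-in for a host document; all values are sample data.
const hostDoc = { cookie: "session=constructed-value", title: "Host page",
                  referrer: "https://host.example/account?id=7" };
const gadgetPolicy = makePolicy({
  title: "allow",
  cookie: "deny",
  referrer: (value) => new URL(value).origin, // augment: expose the origin only
});
// A host-specific table layered on the default, overriding one entry.
const strictPolicy = makePolicy({ title: "deny" }, gadgetPolicy);

// Report what a sandboxed reader would observe for one member.
function probe(view, member) {
  try { return view[member]; } catch (e) { return "DENIED: " + e.message; }
}
```
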